<html>
<head><meta charset="utf-8"><title>Help wanted for making mem::zeroed/uninititalized safer · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html">Help wanted for making mem::zeroed/uninititalized safer</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="182105307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182105307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182105307">(Nov 28 2019 at 12:41)</a>:</h4>
<p>I <a href="https://github.com/rust-lang/rust/pull/66059" target="_blank" title="https://github.com/rust-lang/rust/pull/66059">have been working on</a> adding some extra dynamic checks to <code>mem::uninitialized</code> and <code>mem::zeroed</code> to hopefully detect some common misuses, but progress on the PR is stalled on <a href="https://github.com/rust-lang/rust/pull/66059#issuecomment-555873248" target="_blank" title="https://github.com/rust-lang/rust/pull/66059#issuecomment-555873248">analyzing the crater results</a>, and I don't have much time. If someone reading this could help, that would be awesome. :D</p>
<p>(I figured this aligns with the goals of the WG so I hope this is appropriate to post here.)</p>



<a name="182143532"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182143532" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182143532">(Nov 29 2019 at 00:45)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> I see a bunch of seemingly unrelated failures, e.g. failing to get an environment variable. Should I ignore that and just focus on the error messages about the memory that's left uninitialized? What should be done once the places where this triggers are identified?</p>



<a name="182195619"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195619" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195619">(Nov 29 2019 at 18:08)</a>:</h4>
<p>yeah I was wondering about those. I first thought they are all spurious (and some of them most likely are), but then I saw some weird failures without the panic in a crate triggering the <code>invalid_value</code> lint -- which seems more like a true positive where the panic message somehow got lost</p>



<a name="182195741"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195741" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195741">(Nov 29 2019 at 18:11)</a>:</h4>
<p>but maybe I just misread that</p>



<a name="182195760"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195760" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195760">(Nov 29 2019 at 18:11)</a>:</h4>
<p>I would discard logs that have no indication of having anything to do with <code>mem::uninitialized</code>/<code>mem::zeroed</code> through either deprecation warnings, <code>invalid_value</code>lint or the panic message</p>



<a name="182195813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195813">(Nov 29 2019 at 18:12)</a>:</h4>
<blockquote>
<p>What should be done once the places where this triggers are identified?</p>
</blockquote>
<p>For now I think the most important part is getting a feel for how many of those there are, so that we have data to start a lang team discussion</p>



<a name="182195851"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195851" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195851">(Nov 29 2019 at 18:13)</a>:</h4>
<p>like, I expect some of these to have the same root regression</p>



<a name="182195948"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Help%20wanted%20for%20making%20mem%3A%3Azeroed/uninititalized%20safer/near/182195948" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Help.20wanted.20for.20making.20mem.3A.3Azeroed.2Funinititalized.20safer.html#182195948">(Nov 29 2019 at 18:15)</a>:</h4>
<p>what would also be interesting is if there are fixed versions of these libraries and people just didn't upgrade. But I think discussion can start without that.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>